使用 https.request 忽略 node.js 中无效的自签名 ssl 证书？

Question

提问by Geuis

I'm working on a little app that logs into my local wireless router (Linksys) but I'm running into a problem with the router's self-signed ssl certificate.

我正在开发一个登录到我的本地无线路由器 (Linksys) 的小应用程序，但我遇到了路由器自签名 ssl 证书的问题。

I ran wget 192.168.1.1 and get:

我运行 wget 192.168.1.1 并得到：

ERROR: cannot verify 192.168.1.1's certificate, issued by `/C=US/ST=California/L=Irvine/O=Cisco-Linksys, LLC/OU=Division/CN=Linksys/[email protected]':
Self-signed certificate encountered.
ERROR: certificate common name `Linksys' doesn't match requested host name `192.168.1.1'.
To connect to 192.168.1.1 insecurely, use `--no-check-certificate'.

In node, the error being caught is:

在节点中，被捕获的错误是：

{ [Error: socket hang up] code: 'ECONNRESET' }

My current sample code is:

我当前的示例代码是：

var req = https.request({ 
    host: '192.168.1.1', 
    port: 443,
    path: '/',
    method: 'GET'

}, function(res){

    var body = [];
    res.on('data', function(data){
        body.push(data);
    });

    res.on('end', function(){
        console.log( body.join('') );
    });

});
req.end();

req.on('error', function(err){
    console.log(err);
});

How can I go about getting node.js to do the equivalent of "--no-check-certificate"?

我怎样才能让 node.js 做相当于“--no-check-certificate”的事情？

Answer 1

回答by Juanra

Cheap and insecure answer:

廉价且不安全的答案：

Add

添加

process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = 0;

in code, before calling https.request()

在代码中，在调用之前 https.request()

A more secure way (the solution above makes the whole node process insecure) is answered in this question

在这个问题中回答了更安全的方式（上面的解决方案使整个节点进程不安全）

Answer 2

回答by Meg Sharkey

In your request options, try including the following:

在您的请求选项中，尝试包括以下内容：

   var req = https.request({ 
      host: '192.168.1.1', 
      port: 443,
      path: '/',
      method: 'GET',
      rejectUnauthorized: false,
      requestCert: true,
      agent: false
    },

Answer 3

回答by Hesham Yassin

Don't believe all those who try to mislead you.

不要相信所有试图误导你的人。

In your request, just add:

在您的请求中，只需添加：

ca: [fs.readFileSync([certificate path], {encoding: 'utf-8'})]

If you turn on unauthorized certificates, you will not be protected at all (exposed to MITM for not validating identity), and working without SSL won't be a big difference. The solution is to specify the CA certificate that you expect as shown in the next snippet. Make sure that the common name of the certificate is identical to the address you called in the request(As specified in the host):

如果您打开未经授权的证书，您将不会受到任何保护（因为无法验证身份而暴露于 MITM），并且在没有 SSL 的情况下工作不会有太大区别。解决方案是指定您期望的 CA 证书，如下一个片段所示。确保证书的通用名称与您在请求中调用的地址相同（在主机中指定）：

What you will get then is:

那么你会得到的是：

var req = https.request({ 
      host: '192.168.1.1', 
      port: 443,
      path: '/',
      ca: [fs.readFileSync([certificate path], {encoding: 'utf-8'})],
      method: 'GET',
      rejectUnauthorized: true,
      requestCert: true,
      agent: false
    },

Please read this article(disclosure: blog post written by this answer's author) here in order to understand:

请在此处阅读本文（披露：此答案作者撰写的博客文章）以了解：

How CA Certificates work
How to generate CA Certs for testing easily in order to simulate production environment

CA 证书的工作原理
如何轻松生成用于测试的 CA 证书以模拟生产环境

Answer 4

回答by Armand

Add the following environment variable:

添加以下环境变量：

NODE_TLS_REJECT_UNAUTHORIZED=0

e.g. with export:

例如export：

export NODE_TLS_REJECT_UNAUTHORIZED=0

(with great thanks to Juanra)

（非常感谢胡安拉）

Answer 5

回答by IamStalker

Adding to @Armand answer:

添加到@Armand 答案：

Add the following environment variable:
NODE_TLS_REJECT_UNAUTHORIZED=0 e.g. with export:
export NODE_TLS_REJECT_UNAUTHORIZED=0 (with great thanks to Juanra)

添加以下环境变量：
NODE_TLS_REJECT_UNAUTHORIZED=0 例如导出：
export NODE_TLS_REJECT_UNAUTHORIZED=0（非常感谢 Juanra）

If you on windows usage:

如果您在 Windows 上使用：

set NODE_TLS_REJECT_UNAUTHORIZED=0

Thanks to: @weagle08

感谢：@weagle08

Answer 6

回答by Eduardo

You can also create a request instance with default options:

您还可以使用默认选项创建请求实例：

require('request').defaults({ rejectUnauthorized: false })

Answer 7

回答by digz6666

For meteorJS you can set with npmRequestOptions.

对于meteorJS，您可以使用npmRequestOptions 进行设置。

HTTP.post(url, {
    npmRequestOptions: {
        rejectUnauthorized: false // TODO remove when deploy
    },
    timeout: 30000, // 30s
    data: xml
}, function(error, result) {
    console.log('error: ' + error);
    console.log('resultXml: ' + result);
});

Answer 8

回答by piaf

Or you can try to add in local name resolution (hostsfile found in the directory etcin most operating systems, details differ) something like this:

或者您可以尝试添加本地名称解析（在大多数操作系统hosts的目录etc中找到的文件，细节有所不同），如下所示：

192.168.1.1 Linksys

and next

接下来

var req = https.request({ 
    host: 'Linksys', 
    port: 443,
    path: '/',
    method: 'GET'
...

will work.

将工作。

使用 https.request 忽略 node.js 中无效的自签名 ssl 证书？

提问by Geuis

回答by Juanra

回答by Meg Sharkey

回答by Hesham Yassin

回答by Armand

回答by IamStalker

回答by Eduardo

回答by digz6666

回答by piaf

相关推荐

最近更新

标签

使用 https.request 忽略 node.js 中无效的自签名 ssl 证书？

提问by Geuis

回答by Juanra

回答by Meg Sharkey

回答by Hesham Yassin

回答by Armand

回答by IamStalker

回答by Eduardo

回答by digz6666

回答by piaf

相关推荐

node.js 编译 Mongoose 后无法覆盖模型

node.js 如何获得猫鼬模型的所有数量？

Node js-将数据写入可写流

如何在 NodeJS 中调试套接字挂断错误？

相关推荐

最近更新

标签